EP1635529A1 - Méthode et produit informatique pour apporter le preuve du temps et du contenu d'enregistrements de données dans une systeme contrôlée - Google Patents

Méthode et produit informatique pour apporter le preuve du temps et du contenu d'enregistrements de données dans une systeme contrôlée Download PDF

Info

Publication number
EP1635529A1
EP1635529A1 EP04445091A EP04445091A EP1635529A1 EP 1635529 A1 EP1635529 A1 EP 1635529A1 EP 04445091 A EP04445091 A EP 04445091A EP 04445091 A EP04445091 A EP 04445091A EP 1635529 A1 EP1635529 A1 EP 1635529A1
Authority
EP
European Patent Office
Prior art keywords
data
time
synchronization
data records
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04445091A
Other languages
German (de)
English (en)
Inventor
Daniel Akenine
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to EP04445091A priority Critical patent/EP1635529A1/fr
Priority to US11/220,272 priority patent/US20060053294A1/en
Publication of EP1635529A1 publication Critical patent/EP1635529A1/fr
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network

Definitions

  • This present invention relates to a system and method for verifying the content of digital data and more particularly to a system and method that at a later time may provide proof of the content of some data passing through a system and at what moment in time this happened.
  • the present invention also relates to computer program products comprising computer program code which, when executed by one or several computers, will enable these computers to perform the inventive method.
  • the invention also relates to a computer readable medium carrying such inventive computer program code.
  • Event though the present invention may be used to verify all types of digital data the most common use of data verification is to verify data content in the form of electronic messages, like emails. This is because when sending an electronic message generally there are two human parties involved and they may, for a number of reasons, not always agree on the transmitted content at a later time.
  • An example may be a supplier of mobile phones receiving by email an order for 100 phones of model A from a customer.
  • the supplier chooses to accept the order and sends the phones to the customer.
  • the phones arrive to the customer he refuses to accept the order and claims he ordered 100 phones of model B.
  • the supplier will have a hard time using the email as evidence of the order.
  • Another way of proving the content of messages sent and received is to use a trusted third party as a "middle man".
  • a user sends all outgoing messages to the "middle man” and all incoming messages to the user first passes through the "middle man".
  • the “middle man” saves all messages or a digital digest of the messages and stores them in some kind of data storage.
  • the "middle man” saves all messages he may serve as a verifier of the content and delivery of the messages at some later time. This technique may of course be used with all types of data.
  • the "middle man” approach however has some major drawbacks. For instance, all data needs to be sent to the "middle man” for storage, signing or delivery. For many companies it is simply not an option to send important company data to another company.
  • verifying emails How does the sending company know that the emails are delivered and stored in a safe and secured manner? How to be sure that no personnel at the third party reads the emails for there own purposes. How to be sure that the emails are not changed or manipulated in the process? Simply put - most companies dealing with business information wants to keep control over their data and data delivering processes. This together with the fact that the company needs to be connected to the "middle-man" at all times is one of the reasons to why the "middle-man” approach is not widely spread. Other drawbacks are that if the data content is stored by the "middle-man” then the content may be unsafe, if only the signatures of the data are stored then the data content will be impossible to recreate.
  • the present invention describes a method for monitoring and saving data records in a monitored system with the purpose of preventing the possibility to tamper with said data records at a later time.
  • the inventive method comprises the steps of saving data content together with a time-limited active key and encrypting the data content and active key using an encryption algorithm not possible for the encryptor to decrypt, the encrypted data content and active key forming the data record.
  • the resulting data records may be consider as time-locked trusted data even though they are recorded and stored by an untrusted system.
  • the present invention teaches the steps of generating a lock value representing all former data records, and saving the lock value together with the data content and time-limited active key before performing the encryption, the encrypted data content, active key and lock value thus forming the data record.
  • the resulting new data record will be an integrated and undivided part of the whole data file.
  • the lock values are created by hashing one or all former data record(s) or data content. If the data record is a first data record in a set of data records, then the time-limited active key is used as a lock value representing a virtual former data record.
  • Timestamps generated by an untrusted system are easy to manipulate.
  • the present invention uses time limited active keys to time lock the data records.
  • the time limited active keys may be issued by a trusted synchronization server.
  • the time limited active key is a representation of a time interval, during which time interval the time limited active key is valid, the time interval being coded so that only the trusted synchronization server can decode and indicate the time interval.
  • the trusted synchronization server creates a unique pattern of active keys for each monitored system and synchronizes continuously the monitored systems so that they always have a valid active key. By saving the active keys in the encrypted data records the data records will become time locked in a trusted way.
  • the pattern of active keys consists of a combination of random keys, and the time intervals represented by respective key may all be the same or differ between keys.
  • a verification provider is someone that is considered by all parties to be an independent and trusted party.
  • the verification provider has possession of the private key to decrypt the data records and access to the pattern of active keys defined for the specific monitored system that has created the data file.
  • the verification provider decrypts the data records, and if lock values are used, recalculates the lock values and compares them with the lock values stored in the data file. It they do not match then someone has added, deleted or altered some data in the file after it has been recorded. If they match then the verification provider compares all active keys in the pattern database for the specific monitored system with the active keys stored in the data records. If the active keys for the same time do not match then the data record(s) has been created at some other time than claimed.
  • the present invention may further use the services exposed by a trusted computing platform (TCP).
  • TCP trusted computing platform
  • the active keys may be generated by the internal trusted time service thus eliminating the need for a synchronization server supplying active keys.
  • the active key value provided by the TCP may be an UTC timestamp or a representation of a time interval. Upon data verification the active key is considered to be trusted and may be used as a trusted indicator of when the data was recorded.
  • the internal trusted time services may be synchronized by any trusted time source.
  • Verification Provider is defined as an organization that is considered by all parties to be an independent and trusted party.
  • the challenge facing an organization that wants to prove to someone else the time and content of some digital data created or passing through their system is that they are not trusted.
  • the organization has physical access to the data and has the power to alter, add or delete data as they find appropriate before presenting the data.
  • the invention must therefore supply a method that collects and saves data on an untrusted system in a way that makes it impossible for the owner of the data to later change the data that was registered on the untrusted system. Attempts by the owner to alter, delete, add or reconstruct the data at a later time must be possible to detect by a verification provider.
  • This embodiment shows an example of how the invention may be used to later verify time and content of computer network traffic in the form of email messages. It consists of at least one monitored system and one synchronization server.
  • the monitored system collects, synchronizes, encrypts and stores all computer network traffic that passes through the computer.
  • the synchronization server sends active keys to the monitored system.
  • any system that is connected to a computer network needs some type of network interface 101 - this may be a wireless network card, a standard Ethernet network card or some other type of interface to the network.
  • network interface 101 may be a wireless network card, a standard Ethernet network card or some other type of interface to the network.
  • computer signals will be sent to or from the monitored system 100.
  • computer signals to other systems may also pass the network interface on the monitored system 100 and may be monitored as well.
  • collector module 102 On the monitored system 100 a collector module 102 is installed.
  • the collector module is scanning and monitoring all traffic that passes through the network interface 101 - this technique is in some literatures referred to as "sniffing".
  • the collector module 102 may additionally perform some real-time analysis on the traffic, filtering out unwanted traffic based on traffic type, destination ports or some other parameter(s).
  • the collector module 102 is collecting email traffic only. This may be done for example by collecting only network traffic that is using the Simple Mail Transport Protocol (SMTP).
  • SMTP Simple Mail Transport Protocol
  • the synchronization process is performed by a synchronization slave module 105 installed on the monitored system 100 which communicates in a safe and encrypted way with a synchronization master module 109.
  • a unique lD is supplied making it possible for the synchronization master module to identify the slave module and personalize the synchronization.
  • the synchronization master module may be installed on a server under the control of the verification provider.
  • the synchronization slave module and the synchronization master module connects to each other preferably over the Internet.
  • the communication between the two modules should be kept secret so an encrypted secure connection needs to be established. This is preferably done using HTTP requests over Secure Socket Layer, also known as HTTPS.
  • HTTPS is today the standard way of sending encrypted data over untrusted networks like the Internet. Other safe communication channels may of course also be used.
  • FIG.2A describing the process of registering a new synchronization slave module.
  • the pattern should be created so it contains a sufficient amount of keys for a long period of time.
  • the encryption module has the responsibility to create and encrypt a data record that:
  • FIG.5 An example of a possible resulting unencrypted data record is shown in FIG.5
  • OMS Monitored System
  • the present invention is running on a Monitored System (MS) with a hardware and software configuration implementing a computing platform known as a Trusted Computing Platform (TCP).
  • MS Monitored System
  • TCP Trusted Computing Platform
  • TCP provides a computing platform for applications where the owner of the system can not tamper with the applications and where these applications can communicate securely with their authors and with each other.
  • a TCP may further deliver trusted services to applications like trusted memory space, trusted time services etc.
  • An example of a possible Trusted Computing Platform is described in patent publication US 6,330,670, "Digital Rights Management Operating System".
  • TCG Trusted Computing Group
  • the invention may use the time services delivered by the Trusted Computing Platform to generate the active key without using a synchronization server 107.
  • the internal trusted clock is delivered by the TCP architecture, guaranteed to be accurate and not possible to manipulate by the owner of the system - it may be synchronized internally or from some other trusted time source.
  • the active key in this case will consist of a timestamp or a representation of a timestamp delivered by the trusted clock instead of being supplied by the synchronization server 107.
  • the system operates basically as in the first embodiment with the difference that no synchronization or synchronization setup is needed.
  • the active key will be delivered to the encryption module 103 in step 302 by the TCP and upon data verification the active key is considered to be trusted by the verification provider. This means that Steps 406-408 in Fig.4 may be omitted when verifying the data. Instead the active key may be used to verify the claimed creation time by simply comparing the two. If they represent the same time then the claimed creation time is correct. The active key could also be used as the claimed creation time if the claimed creation time is stored inside the encrypted data record.
  • the invention does not use the technique, described in the first embodiment, to link all data records together using lock values.
  • Lock values are necessary in most cases as data normally is stored in a database file system where it is easy to find and manipulate individual data records.
  • the system instead saves the data records in a data file represented as a single BLOB (Binary Large Object).
  • BLOB Binary Large Object
  • a BLOB a data file where it is not possible, except for the Verification Provider who may decrypt the data file, to know where individual data records starts or ends. The effect is that it is not possible to delete, alter or add individual records because it is not possible to know the storage position for individual data records in the data file.
  • the Storage Module 104 could, instead of using a database system, continuously stream the data records sequentially into a standard file without inserting any control characters in the file to indicate start or beginning of the data records.
  • the system operates basically as in the first or second embodiment with the difference that the data records are not linked together using lock values and that upon data verification the verification provider does not need to do the verifycation steps 403-405 to verify that no data records has been added, altered or deleted.
  • the collector module is feed from some other information provider than the Network Interface Card.
  • the collector module for example scans the local system for new or changed Microsoft word documents.
  • the collector module intercepts the document and sends it to the encryption module for processing and storage - the document never leaves the local computer.
  • the user may use the normal verification process (Fig.4) to prove he wrote a specific document at a specific time.
  • the present invention uses, instead of two, a combination of three (or more) secrets to encrypt the data. This means that to be able to decrypt and verify the data three (or more) ingredients need to be in place.
  • the Verification Provider (with the private asymmetric key), the recorded data file (encrypted with the public asymmetric key) and the symmetric encryption key(s) needed for decryption of the content in the recorded data file.
  • the symmetric encryption key(s) may be included in an email or stored/distributed in some other way.
  • the Verification Provider need to be supplied with all the symmetric encryption key(s) for each email.
  • the present invention also relates to a number of computer program products, schematically shown in figures 7a and 7b.
  • a first computer program product 71 comprises first computer program code 71 a, which, when executed by a computer, enables the computer to act as a monitored server 100a belonging to an inventive monitored system 100.
  • a second computer program product 72 comprises second computer program code 72a, which, when executed by a computer, enables the computer to act as an inventive synchronization server 107.
  • a third computer program product 73 comprises third computer program code 73a, which, when executed by a computer, enables the computer to act as an inventive verification provider 110 adapted to co act with a monitored server 100a running on an untrusted computing platform, figure 7a.
  • a fourth computer program product 74 comprises fourth computer program code 74a, which, when executed by a computer, enables the computer to act as a verification provider 110' adapted to co act with a monitored server 100a' running on a trusted computing platform, figure 7b.
  • the present invention also relates to a computer readable medium 8, in figure 8 schematically illustrated as a compact disc, which is carrying inventive first, second, third or fourth computer program code 71 a, 72a, 73a, 74a.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
EP04445091A 2004-09-09 2004-09-09 Méthode et produit informatique pour apporter le preuve du temps et du contenu d'enregistrements de données dans une systeme contrôlée Withdrawn EP1635529A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP04445091A EP1635529A1 (fr) 2004-09-09 2004-09-09 Méthode et produit informatique pour apporter le preuve du temps et du contenu d'enregistrements de données dans une systeme contrôlée
US11/220,272 US20060053294A1 (en) 2004-09-09 2005-09-06 System and method for proving time and content of digital data in a monitored system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP04445091A EP1635529A1 (fr) 2004-09-09 2004-09-09 Méthode et produit informatique pour apporter le preuve du temps et du contenu d'enregistrements de données dans une systeme contrôlée

Publications (1)

Publication Number Publication Date
EP1635529A1 true EP1635529A1 (fr) 2006-03-15

Family

ID=34932995

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04445091A Withdrawn EP1635529A1 (fr) 2004-09-09 2004-09-09 Méthode et produit informatique pour apporter le preuve du temps et du contenu d'enregistrements de données dans une systeme contrôlée

Country Status (2)

Country Link
US (1) US20060053294A1 (fr)
EP (1) EP1635529A1 (fr)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007149154A2 (fr) * 2006-05-09 2007-12-27 Interdigital Technology Corporation Fonctionnalité temporelle sécurisée pour dispositif sans fil
GB0622149D0 (en) * 2006-11-07 2006-12-20 Singlepoint Holdings Ltd System and method to validate and authenticate digital data
US20090178143A1 (en) * 2008-01-07 2009-07-09 Diginome, Inc. Method and System for Embedding Information in Computer Data
US20090175521A1 (en) * 2008-01-07 2009-07-09 Diginome, Inc. Method and System for Creating and Embedding Information in Digital Representations of a Subject
KR101544629B1 (ko) * 2008-02-19 2015-08-17 인터디지탈 패튼 홀딩스, 인크 안전하고 신뢰성있는 시간 기술을 위한 방법 및 장치
US20120070002A1 (en) * 2009-07-19 2012-03-22 Angel Secure Networks, Inc. Protecting information in an untethered asset
US9779129B1 (en) 2013-09-11 2017-10-03 Express Scripts, Inc. Systems and methods for integrating data
US11361381B1 (en) 2017-08-17 2022-06-14 Express Scripts Strategic Development, Inc. Data integration and prediction for fraud, waste and abuse
EP4182821A1 (fr) * 2020-07-14 2023-05-24 Gapfruit AG Module de stockage pour stocker un fichier de données et fournir son hachage

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999057847A1 (fr) * 1998-05-04 1999-11-11 Eoriginal Inc. Systeme et procede pour l'emission, le stockage et l'extraction electroniques de documents authentifies
WO2000079348A2 (fr) * 1999-06-23 2000-12-28 Datum, Inc. Systeme et procede pour l'etablissement d'horloge de tiers fiable et d'horloge locale fiable
WO2001089133A2 (fr) * 2000-05-16 2001-11-22 Surety.Com Procede et appareil pour l'auto-authentification d'enregistrements numeriques
US20020038420A1 (en) * 2000-04-13 2002-03-28 Collins Timothy S. Method for efficient public key based certification for mobile and desktop environments
US6393126B1 (en) * 1999-06-23 2002-05-21 Datum, Inc. System and methods for generating trusted and authenticatable time stamps for electronic documents
US20040034771A1 (en) * 2002-08-13 2004-02-19 Edgett Jeff Steven Method and system for changing security information in a computer network

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5757907A (en) * 1994-04-25 1998-05-26 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification
US6292126B1 (en) * 1997-12-30 2001-09-18 Cable Television Laboratories Quantizer that uses optimum decision thresholds
US6611812B2 (en) * 1998-08-13 2003-08-26 International Business Machines Corporation Secure electronic content distribution on CDS and DVDs
US7085385B2 (en) * 2002-01-04 2006-08-01 Hewlett-Packard Development Company, L.P. Method and apparatus for initiating strong encryption using existing SSL connection for secure key exchange
US7370350B1 (en) * 2002-06-27 2008-05-06 Cisco Technology, Inc. Method and apparatus for re-authenticating computing devices
GB2398712B (en) * 2003-01-31 2006-06-28 Hewlett Packard Development Co Privacy management of personal data
KR100523357B1 (ko) * 2003-07-09 2005-10-25 한국전자통신연구원 이더넷 기반 수동형 광네트워크의 보안서비스 제공을 위한키관리 장치 및 방법
US20050050316A1 (en) * 2003-08-25 2005-03-03 Amir Peles Passive SSL decryption
US7117204B2 (en) * 2003-12-03 2006-10-03 International Business Machines Corporation Transparent content addressable data storage and compression for a file system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999057847A1 (fr) * 1998-05-04 1999-11-11 Eoriginal Inc. Systeme et procede pour l'emission, le stockage et l'extraction electroniques de documents authentifies
WO2000079348A2 (fr) * 1999-06-23 2000-12-28 Datum, Inc. Systeme et procede pour l'etablissement d'horloge de tiers fiable et d'horloge locale fiable
US6393126B1 (en) * 1999-06-23 2002-05-21 Datum, Inc. System and methods for generating trusted and authenticatable time stamps for electronic documents
US20020038420A1 (en) * 2000-04-13 2002-03-28 Collins Timothy S. Method for efficient public key based certification for mobile and desktop environments
WO2001089133A2 (fr) * 2000-05-16 2001-11-22 Surety.Com Procede et appareil pour l'auto-authentification d'enregistrements numeriques
US20040034771A1 (en) * 2002-08-13 2004-02-19 Edgett Jeff Steven Method and system for changing security information in a computer network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KELSEY J ET AL: "An authenticated camera", COMPUTER SECURITY APPLICATIONS CONFERENCE, 1996., 12TH ANNUAL SAN DIEGO, CA, USA 9-13 DEC. 1996, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, US, 9 December 1996 (1996-12-09), pages 24 - 30, XP010213038, ISBN: 0-8186-7606-X *

Also Published As

Publication number Publication date
US20060053294A1 (en) 2006-03-09

Similar Documents

Publication Publication Date Title
US7493661B2 (en) Secure transmission system
Kent Internet privacy enhanced mail
US6363480B1 (en) Ephemeral decryptability
US20080065878A1 (en) Method and system for encrypted message transmission
US20060053294A1 (en) System and method for proving time and content of digital data in a monitored system
USRE45348E1 (en) Method and apparatus for intercepting events in a communication system
US7142676B1 (en) Method and apparatus for secure communications using third-party key provider
US20020136410A1 (en) Method and apparatus for extinguishing ephemeral keys
US20040236953A1 (en) Method and device for transmitting an electronic message
EP1678666A2 (fr) Enregistrement et authentification de donnees de transactions
US20080098227A1 (en) Method of enabling secure transfer of a package of information
JPH10105057A (ja) タイムスタンプサーバシステム
WO2000013368A1 (fr) Authentification ou signature numerisee d'objets de donnees numeriques
US20160080336A1 (en) Key Usage Detection
EP1099334A2 (fr) Systeme de gestion de messages securises
EP1116368B8 (fr) Systeme securise de transfert de donnees
Kline et al. Public key vs. conventional key encryption
RU2373653C2 (ru) Безопасность сообщений
Fumy et al. A modular approach to key distribution
US20070076880A1 (en) Secure digital transmission
Zibran Cryptographic security for emails: A focus on S/MIME
Bai et al. Access revocation and prevention of false repudiation in secure email exchanges
Kent Security Services
Moser S/MIME
EP1280295A1 (fr) Procédé pour le transfert securisé d'un paquet d'informations

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL HR LT LV MK

17P Request for examination filed

Effective date: 20060915

AKX Designation fees paid

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20070509

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20110401